Exchange 2007 Service Pack 1 is coming soon to a server near you. As you've read here before, there are a lot of new mobility features coming in Service Pack 1 and I hope I can provide you with some of the juicy details you've been waiting for.

Note: As wonderful as these new features are, we do not currently know of any mobile phones that support them. We're pretty sure that eventually you'll be able to get a device that supports them, but for now, just keep watching this blog for updates.

Here's some of what you can look forward to.

Default Exchange ActiveSync Mailbox Policies

Exchange 2007 shipped with a wide variety of Exchange ActiveSync mailbox policy settings. You could enforce a password, require that the password be a certain length, prohibit the downloading of attachments, prevent users from reusing past passwords, and specify whether users could access information stored in Windows SharePoint Services document libraries. However, none of these policy settings do much good unless you assign your users to a policy. In Exchange 2007 RTM, all users had to be explicitly assigned to a policy. You could do this one at a time, or use an Exchange PowerShell one-liner to do it for you. In case you were wondering, here's the PowerShell cmdlet to assign all existing users to a policy.

That's really pretty simple, but wouldn't you like it to be even easier? Well, now it is. Exchange 2007 Service Pack 1 allows Administrators to designate an existing policy as the default policy. When a policy is marked as default, all new users will automatically be assigned the policy. You can switch the default policy at any time through the Exchange Management Console or the Exchange Management Shell.
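An added example, not from the original post, showing the explicit assignment and the SP1 default policy together in the Exchange Management Shell. The policy name "Corp Mobile Baseline" is a hypothetical placeholder; because the default applies only to new users, existing mailboxes are still audited and assigned explicitly.

```powershell
# Run in the Exchange Management Shell on Exchange 2007 SP1.
# "Corp Mobile Baseline" is a hypothetical policy name used for illustration.
$policyName = 'Corp Mobile Baseline'
$policy = Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction Stop

# 1. Audit: find mailboxes that have no ActiveSync mailbox policy assigned.
$unassigned = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { -not $_.ActiveSyncMailboxPolicy }
"{0} mailbox(es) currently have no ActiveSync policy" -f @($unassigned).Count

# 2. Assign those existing mailboxes to the policy.
#    -WhatIf previews the change; remove it once the list looks right.
$unassigned |
    Set-CASMailbox -ActiveSyncMailboxPolicy $policy.Identity -WhatIf

# 3. SP1 only: mark the policy as the default so that new users
#    are assigned to it automatically.
Set-ActiveSyncMailboxPolicy -Identity $policy.Identity -IsDefaultPolicy:$true

# 4. Verify: exactly one policy should be the default. Also review which
#    policies still allow devices that cannot enforce policy settings.
Get-ActiveSyncMailboxPolicy |
    Select-Object Name, IsDefaultPolicy, AllowNonProvisionableDevices

# 5. Coverage report: mailbox count per assigned policy (blank name = none).
Get-CASMailbox -ResultSize Unlimited |
    Group-Object ActiveSyncMailboxPolicy |
    Select-Object Count, Name
```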

New and Enhanced Policy Settings

In addition to the default policy, there are a significant number of new policy settings available in Exchange 2007 Service Pack 1. Now for a little bit of legal text: the ability to use many of the new policy settings is a premium feature of Exchange ActiveSync and requires an Exchange Enterprise Client Access License for each mailbox on which the policies are implemented. As I mentioned previously, the new policy features are available in Exchange ActiveSync Protocol version 12.1 (Exchange 2007 RTM ships with Exchange ActiveSync protocol version 12.0). Windows Mobile 6.0 is compatible with Exchange ActiveSync Protocol version 12.0. It's a reasonably safe bet that a future device operating system will support Exchange ActiveSync version 12.1, but I can't make any guarantees.

Policy Settings for Exchange ActiveSync:

| Settings | Ex2007 RTM | Ex2007 SP1 STANDARD CAL | Ex2007 SP1 ENTERPRISE CAL |
|---|---|---|---|
| Password Required | X | X | X |
| Min Password Length | X | X | X |
| Alphanumeric Password | X | X | X |
| Inactivity Timeout | X | X | X |
| Max Failed Password Attempts | X | X | X |
| Policy Refresh Interval | X | X | X |
| Allow non-provisionable devices | X | X | X |
| Attachments Enabled | X | X | X |
| Storage Card Encryption | X | X | X |
| Password Recovery Enabled | X | X | X |
| Allow Simple Device Password | X | X | X |
| Max Attachment Size | X | X | X |
| WSS Access Enabled | X | X | X |
| UNC Access Enabled | X | X | X |
| Password Expiration | X | X | X |
| Password History | X | X | X |
| Require Manual Sync When Roaming | | X | X |
| Min Device Pwd Complex Characters | | X | X |
| Max Calendar Age Filter | | X | X |
| Allow HTML Email | | X | X |
| Max Email Age Filter | | X | X |
| Max Email Body Truncation Size | | X | X |
| Max Email HTML Body Truncation Size | | X | X |
| Require Signed SMIME Messages | | X | X |
| Require Encrypted SMIME Messages | | X | X |
| Require Signed SMIME Algorithm | | X | X |
| Require Encryption SMIME Algorithm | | X | X |
| Allow SMIME Encryption Algorithm Negotiation | | X | X |
| Allow SMIME Soft Certs | | X | X |
| Require Device Encryption | | X | X |
| Allow Storage Card | | | X |
| Allow Camera | | | X |
| Allow Unsigned Applications | | | X |
| Allow Unsigned Installation Packages | | | X |
| Allow Wi-Fi | | | X |
| Allow Text Messaging | | | X |
| Allow POP/IMAP Email | | | X |
| Allow Bluetooth | | | X |
| Allow IrDA | | | X |
| Allow Desktop Sync | | | X |
| Allow Browser | | | X |
| Allow Consumer Email | | | X |
| Allow Remote Desktop | | | X |
| Allow Internet Sharing | | | X |
| Unapproved InROM Application List | | | X |
| Approved Application List | | | X |

Many of the new policy settings are intended to help administrators control the features their users can access on their mobile devices. Settings such as allow camera, allow text messaging, allow POP/IMAP email and allow wifi are intended to address some common device management problems. For example, many corporations do not allow the use of camera phones for confidentiality reasons. An administrator in this type of organization could deploy mobile devices designed to fully implement Exchange ActiveSync version 12.1 and feel confident that once the device accepted the Exchange ActiveSync mailbox policy, the device camera would be disabled.

Remote Wipe Confirmation

One last new feature that I want to mention is the addition of a remote wipe confirmation message. Remote wipe allows a user or an administrator to clear the device data in case that device is lost or stolen. The user can initiate the remote wipe process from Outlook Web Access and the administrator can initiate a remote wipe from the Exchange Management Console or the Exchange Management Shell.

In Exchange 2007 RTM, however, once the user or administrator initiated the remote wipe, they were often left wondering whether it completed. The remote wipe process is very reliable. If the device is still connected to the Internet, and the Microsoft Exchange Server computer is reachable, the next time a device initiates a connection to the Exchange Server, the remote wipe will be initiated. However, a little confirmation and reassurance is rarely a bad thing. So now, once a remote wipe has been initiated and received by the device, a confirmation email is received by the Administrator and the user.
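An added example, not from the original post, of issuing a remote wipe and then checking whether the device acknowledged it. The mailbox, device ID and notification address are placeholders, and the script assumes the SP1 `-NotificationEmailAddresses` parameter of `Clear-ActiveSyncDevice` is available on your build.

```powershell
# Run in the Exchange Management Shell on Exchange 2007 SP1.
# All three values below are placeholders for illustration.
$mailbox  = 'kim@contoso.example'
$deviceId = '<DEVICE-ID-PLACEHOLDER>'
$notify   = 'secops@contoso.example'

# 1. List the user's device partnerships and pick the lost device by ID.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $mailbox)
$devices | Format-Table DeviceID, DeviceType, LastSuccessSync -AutoSize
$target = $devices | Where-Object { $_.DeviceID -eq $deviceId }
if (-not $target) { throw "No device with ID $deviceId on $mailbox" }

# 2. Request the wipe. The cmdlet prompts for confirmation, and the
#    confirmation message also goes to the extra notification address.
Clear-ActiveSyncDevice -Identity $target.Identity `
    -NotificationEmailAddresses $notify -Confirm:$true

# 3. Check progress. The wipe is only delivered the next time the device
#    connects, so "requested" without "acknowledged" means still pending.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox | ForEach-Object {
    if     ($_.DeviceWipeAckTime)     { $state = 'Acknowledged by device' }
    elseif ($_.DeviceWipeSentTime)    { $state = 'Sent, not yet acknowledged' }
    elseif ($_.DeviceWipeRequestTime) { $state = 'Requested, device has not connected' }
    else                              { $state = 'No wipe requested' }
    "{0}  {1}  (requested: {2}, acknowledged: {3})" -f `
        $_.DeviceID, $state, $_.DeviceWipeRequestTime, $_.DeviceWipeAckTime
}
```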

Bring on the Service Pack 1

I hope this post has answered some of your Exchange 2007 Service Pack 1 questions. You can be sure that we'll have a lot more information on Exchange Server Service Pack 1 in the future.

Currently, we are running Blackberrys within our Exchange ’07 rollout, and they work fine. Two admins (myself and another chap) are concurrently running BB and SmartPhone – he an i730 and me the i760. Since the i760 is brand spanking new (released November 1) what patch(es) do we need to install on it to make it do the new voodoo that we would want it to do? What is so different about SP1 that we have to change / upgrade the phones?

The SmartPhones work just as fast as the Blackberrys without the risk of having RIM go down. Cost for the phones is comparable at the enterprise level, and you don’t need a BES running. At this point, it is a no-brainer, both from a business standpoint as well as a technical support / maintenance view.

Is there a quick and easy way on (most) WM5.0 and WM6.0 devices to find what version of EAS protocol is being run? What version of WAS protocol does WM5.0 (w/Messaging & Security Feature Pack installed) support?

I would love to see a comparison chart of what features are supported with Exchange 2007 + WM5.0. For the time being WM6.0 devices seem to be few and far between at this time with the cell companies we deal with (Verizon/Sprint/AT&T).

On November 30, you will be able to download Exchange Server 2007 with Service Pack 1. The list of new features in SP1 is long, including new deployment options, new features and improvements for each server role, improved integration with other applications, and even a new, third type of continuous replication. There are also general updates to almost all of the high availability topics for SP1, as well as significant updates in other content areas, such as those related to the Mailbox, Client Access, Hub Transport and Edge Transport, and the Unified Messaging server roles. You can find documentation on the new features by browsing or searching the Exchange Server TechCenter Library. If you’re in evaluation mode, you can now download the Exchange Server 2007 with Service Pack 1 trial software and see how secure, anywhere access can enhance operational efficiency.